Everybody knows that the destructive power of botnets lies in their massive number. While those malware-infected computers often have unpatched vulnerabilities, which makes them easy to compromise, it still takes a long time to get hold of so many computers. The only reason hackers can construct botnets is because most victims are completely unaware that their computers have been compromised.
Now most botnet mitigation efforts, from the disconnection of McColo in 2008 to the recent Bredolab takedown by Dutch police, try to bring down botnets by taking C&C servers offline. While it is a good step, merely doing that is not enough. They often fail to notify the victims. Thus the vulnerabilities within those zombie computers will remain unfixed, and it is just a matter of time before hackers take control of those computers again. In my point of view, botnet notification should be a priority, so victims can fix the security loopholes inside their computers.
Notifying victims also addresses other problems. For example, botnets can collect data about people, which are sometimes used in phone scams. If victims know their computers have been compromised, they will beware of suspicious phone calls, and change their passwords as soon as possible. That helps to limit the scope of damage caused by botnets.
Notifying victims also addresses other problems. For example, botnets can collect data about people, which are sometimes used in phone scams. If victims know their computers have been compromised, they will beware of suspicious phone calls, and change their passwords as soon as possible. That helps to limit the scope of damage caused by botnets.
No comments:
Post a Comment